NORMA eResearch @NCI Library

Automation of Remediation of Configuration Vulnerabilities Reported by the DAST Scanning Procedure

Bril, Vladyslav (2023) Automation of Remediation of Configuration Vulnerabilities Reported by the DAST Scanning Procedure. Masters thesis, Dublin, National College of Ireland.


Abstract

Modern security requirements have affected approaches to building a DevOps model, stimulating the transition to the DevSecOps paradigm, which adds elements that check the product for compliance with security criteria. In most cases, the vulnerabilities found during product testing and described in the reports generated by dynamic testing (DAST) tools need to be fixed manually, which can require a lot of effort from developers who may not deal with the aspects of secure product creation.

A solution to this problem is a separate module that automates the process of fixing detected vulnerabilities and can be integrated into the CI/CD pipeline. Dedicating remediation procedures to pre-defined scenarios is significant for enhancing the overall product security level, as well as for releasing developers from the burden of regular vulnerability fixes. This work analysed current trends in building automated DevOps and DevSecOps factories, delivered a software component that aims to automate the remediation activities after conducting the DAST operations, and proposed an optimal DevSecOps scheme into which such software can be introduced.

Item Type: Thesis (Masters)
Supervisors: Sahni, Vikas (Email: UNSPECIFIED)
Subjects:
Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science
Q Science > QA Mathematics > Computer software > Computer Security
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
Divisions: School of Computing > Master of Science in Cyber Security
Depositing User: Tamara Malone
Date Deposited: 28 Apr 2023 13:49
Last Modified: 28 Apr 2023 13:49
URI: https://norma.ncirl.ie/id/eprint/6513
